• BlueKeep exploitation expected soon

    Home » Forums » Newsletter and Homepage topics » BlueKeep exploitation expected soon

    Author
    Topic
    #1881532

    Several hours ago, there was a lot of noise on Twitter about a Github explanation on how to “weaponize” BlueKeep, triggering fears it could soon be wi
    [See the full post at: BlueKeep exploitation expected soon]

    6 users thanked author for this post.
    Viewing 10 reply threads
    Author
    Replies
    • #1881535

      @gborn has also blogged, on borncity.com:
      BlueKeep warning: Exploit might come soon?

      5 users thanked author for this post.
    • #1881846

      Per Vess Bontchev:

      …we’re one step closer to a BlueKeep worm – but not very close. I still think that there are considerable chances of it not happening.

      6 users thanked author for this post.
    • #1882059

      We’ve received several anonymous posts about an exploit being posted on Darknet. Sorry, but that just isn’t true – at least, no readily usable exploit. If you know of something that actually works, please email me or DM Kevin Beaumont on Twitter. Color me extremely skeptical.

      6 users thanked author for this post.
    • #1882062

      I’ve installed updates that supposedly prevent the BlueKeep hack. Now, I’m going to forget about it as my worry bin is full.

      Carpe Diem {with backup and coffee}
      offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
      offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
      online▸ Win11Pro 22H2.22621.1413 x64 i5-9400 RAM16GB HDD Firefox112.0b3 MicrosoftDefender
      2 users thanked author for this post.
    • #1882082

      @gborn has also blogged, on borncity.com:
      BlueKeep warning: Exploit might come soon?

      “It is currently estimated that approximately 800,000 systems are still unpatched and accessible via the Internet”

      I find it hard to believe that there are this many Windows XP / Vista / 7 / 2003 / 2008 / 2008R2 machines with RDP turned on that are fully exposed to the Internet.

      Granted there are plenty of “forgotten” Windows Server installations out there that aren’t getting patched…. but how many of them have a public IP address?

      • #1882176

        I believe they’re coming up with a pretty accurate number using Shodan searches; it’s approximate only because systems are being patched or taken offline on an ongoing basis.

    • #1882117

      So, does this mean there are folks who want this to happen? There’s now an online tutorial explaining how to use BlueKeep on a Microsoft-owned website? Sweet. They might want to do something about that, but then again maybe not.

      I’m still waiting for Spectre/Meltdown exploits to be in the wild from a year and a half ago to make all the performance losses from the patches worth it for those who installed them. I guess this online tutorial is an attempt to make sure this isn’t just FUD and something actually comes of it this time.

      It’s a shame FUD works so well on people even techies, but if this tutorial does cause exploits to be released into the wild, it’s on a Microsoft-owned site and are therefore responsible for it to some degree, are they not?

      3 users thanked author for this post.
      • #1882124

        It’s a shame FUD works so well on people even techies, but if this tutorial does cause exploits to be released into the wild, it’s on a Microsoft-owned site and are therefore responsible for it to some degree, are they not?

        Just as responsible as Woody is for every word that you and I type here.

        • #1882369

          I highly doubt that. This is a message board. GitHub is a code repository that, in this case, is hosting material that is telling people how to use code maliciously to take over people’s computers and potentially extort them or steal their personal information. Big, big difference. As owners, MS certainly can decide that this is malicious and bad for business. If they know it’s there, what it’s intents are and leaves it there where it ultimately causes damage, they are certainly responsible for taking no action.

      • #1883161

        Who is benefiting, business-wise, from this?

        -Noel

        1 user thanked author for this post.
        • #1883176

          It seems Microsoft would stand to benefit if they can scare a few more of those annoying W7 users into getting Windows 10. Someone certainly seems to want this to happen. I don’t know how else to interpret there being a tutorial showing exactly how to use it while almost certainly knowing how it will be used and who it will be used on.

          • #1883719

            That’s an extraordinarily long bow to draw!

            Naw. If you think MS could organize something like this to drive Win10 migrations, you’re waaaaaaaaay overestimating their ability.

            The Microsoft conspiracy theories are out of place in a security issue, as I read Woody’s comment.

            1 user thanked author for this post.
            • #1884023

              It also doesn’t make any sense.

              The tutorial doesn’t explain how to use BlueKeep, although it does fill in some gaps. There will be an exploit sooner or later, and the exploiter may rely on the Github stuff to come up with a working example. But MS isn’t aiding and abetting, and they certainly didn’t create the problem in the first place.

              Microsoft has nothing to gain from a BlueKeep exploit. Nothing. As you know, I am quick to lambaste Microsoft when they deserve it. (Sometimes too quick.) This isn’t one of those times.

              3 users thanked author for this post.
    • #1882394

      “Are you protected?”

      It might be worthwhile to edit the article to add a reminder after that question of how you get protected. Most people don’t remember from one month to the next which update does what or whether they’ve installed it.

      2 users thanked author for this post.
    • #1882401

      So, does this mean there are folks who want this to happen? There’s now an online tutorial explaining how to use BlueKeep on a Microsoft-owned website? Sweet. They might want to do something about that, but then again maybe not.

      I’m still waiting for Spectre/Meltdown exploits to be in the wild from a year and a half ago to make all the performance losses from the patches worth it for those who installed them. I guess this online tutorial is an attempt to make sure this isn’t just FUD and something actually comes of it this time.

      It’s a shame FUD works so well on people even techies, but if this tutorial does cause exploits to be released into the wild, it’s on a Microsoft-owned site and are therefore responsible for it to some degree, are they not?

      I think you are on to something. I wouldn’t be surprised if the FUD and tutorial is being used as a scare tactic and last ditch effort to convince folks that they need to get off of these older OSes and get on to Windows 10.

      1 user thanked author for this post.
    • #1882416

      So, does this mean there are folks who want this to happen? There’s now an online tutorial explaining how to use BlueKeep on a Microsoft-owned website? Sweet. They might want to do something about that, but then again maybe not.

      I’m still waiting for Spectre/Meltdown exploits to be in the wild from a year and a half ago to make all the performance losses from the patches worth it for those who installed them. I guess this online tutorial is an attempt to make sure this isn’t just FUD and something actually comes of it this time.

      It’s a shame FUD works so well on people even techies, but if this tutorial does cause exploits to be released into the wild, it’s on a Microsoft-owned site and are therefore responsible for it to some degree, are they not?

      I think you are on to something. I wouldn’t be surprised if the FUD and tutorial is being used as a scare tactic and last ditch effort to convince folks that they need to get off of these older OSes and get on to Windows 10.

      While every alternate article here dealing with the latest Windows 10 version issues reminds us why we shouldn’t do so!

      1 user thanked author for this post.
      • #1882827

        Naw. If you think MS could organize something like this to drive Win10 migrations, you’re waaaaaaaaay overestimating their ability.

        1 user thanked author for this post.
    • #1882443

      According to this GBorn blog page from May, referring to the problem now under discussion here:

      https://borncity.com/win/2019/05/15/critical-update-for-windows-xp-up-to-windows-7-may-2019/

      Starting with Windows 8, the vulnerability no longer exists in the Remote Desktop Service. Windows 7, Windows Server 2008, and Windows Server 2008 R2 receive a patch to close the vulnerability with regular Monthly Rollup or Security Online updates.

      Does this mean that if one has already applied the May Security(etc.) patch according to one’s patching group (A or B), then one does not need to turn off the Remote Desktop Service?  I’ve had (a) this patch installed since late May and (b) prefer to turn the RDS on occasionally, to make it easier to communicate between my Mac and my Windows 7 PC. I would appreciate some advice on whether this is a good thing to do, or not, and why.

      Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

      MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
      Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
      macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

      • #1882456

        Does this mean that if one has already applied the May Security(etc.) patch according to one’s patching group (A or B), then one does not need to turn off the Remote Desktop Service?

        Yes. You are safe.

        4 users thanked author for this post.
      • #1888408

        I hope that there is no BlueKeep like vulnerability  that’s been patched in the July 2019 “security only” update that has the telemetry because that’s not being installed on my laptops. And as far as that goes any Microsoft windows 7 “security only” patches that are not actually Security Only in fact are not getting installed.

        I’ll just have to consider that the Windows 7 extended support period has expired a little early and that’s Microsoft’s fault. So let’s hope that August 2019’s Security Only patches are not of that “Security Only” variety.

        I will be running windows 7 after Jan 2020 and I’ll just make sure that any personal data in no longer on the laptops after Jan 2020.  I’m not playing that cat and mouse game with Redmond’s snooping.

         

        • #1888815

          From above, “I will be running windows 7 after Jan 2020 and I’ll just make sure that any personal data in no longer on the laptops after Jan 2020.”

          Maybe we use the term ‘personal data’ differently. When I use it, I am referring to all data created by me personally (the first party) while using the system (my Win7 leased copy from Microsoft, the second party). Not just my personal vital statistics and embarrassing party photos.

          From my mindset, I do not see the purpose of running a system with no personal data involved. It would just be an idling lump pushing electrons through the second party’s software (the OS, Win7) for no goal, converting electrical current to light and heat.

          I will be using a supported system to perform all computation and presentation of my personal data. No gamesmanship required. Just good commerce as agreed to by both parties.

          • #1889641

            Personal data removed and any windows 7 laptops just used for browsing and some other Laptop running Linux/Mac OS/Other non MS OS that’s patched and secured for any secure related usage.

            So the Windows 7 laptops are only used for browsing with no logging in etc. And with those Windows 7 laptops scrubbed clean of any personal files and data that can be used for nefarious reasons.

            The folks in Redmond are in for some security issues if they can not keep the spyware out of any further Windows 7 Security Only Updates up until Jan 2020 and July’s Windows 7 “Security Only” KB is not getting installed unless the telemetry is removed, BlueKeep or whatever. Security Only  means SECURITY ONLY, Microsoft!

    • #1896542

      Seems I’ve already been locked out of MS updates?  I can download them – but they won’t run! I’m no longer able to install and run them. They just sit there in my download file defying any and all attempts to actually do anything useful. I first ran Windows Installed Updates and it “searched for installed updates” for over a half hour until I finally finished cleaning the bathroom and got tired of waiting for it. I stopped it, went to MS and tried downloading the files individually. I could download them – but they wouldn’t run! I ran Malwarebytes, Windows Defender along with Wise Care 365. I can no longer run Windows Updates. I assume, of course, they would let me update to Win 10 – which is not going to happen! I

    Viewing 10 reply threads
    Reply To: BlueKeep exploitation expected soon

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: